Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692; Critical: 727; High: 3080; Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40566 | MEDIUM | 4.1 | FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection … | Apr 21, 2026 |
| CVE-2026-40279 | LOW | 3.7 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer … | Apr 21, 2026 |
| CVE-2026-40161 | HIGH | 7.7 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured … | Apr 21, 2026 |
| CVE-2026-40050 | CRITICAL | 9.8 | CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host … | Apr 21, 2026 |
| CVE-2026-38835 | CRITICAL | 9.8 | Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to … | Apr 21, 2026 |
| CVE-2026-38834 | HIGH | 7.3 | Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to … | Apr 21, 2026 |
| CVE-2026-35451 | MEDIUM | 5.7 | Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack … | Apr 21, 2026 |
| CVE-2026-30452 | MEDIUM | 6.5 | Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned … | Apr 21, 2026 |
| CVE-2026-29179 | LOW | 3.3 | October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were … | Apr 21, 2026 |
| CVE-2026-27937 | LOW | 3.1 | October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the … | Apr 21, 2026 |
| CVE-2026-26274 | MEDIUM | 6.6 | October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy … | Apr 21, 2026 |
| CVE-2026-26067 | MEDIUM | 4.9 | October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling … | Apr 21, 2026 |
| CVE-2026-25542 | MEDIUM | 6.5 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against … | Apr 21, 2026 |
| CVE-2026-24189 | HIGH | 8.2 | NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful … | Apr 21, 2026 |
| CVE-2026-24177 | HIGH | 7.7 | NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information … | Apr 21, 2026 |
| CVE-2026-24176 | MEDIUM | 4.3 | NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead … | Apr 21, 2026 |
| CVE-2026-21571 | UNKNOWN | — | This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This … | Apr 21, 2026 |
| CVE-2019-25714 | UNKNOWN | — | Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web … | Apr 21, 2026 |
| CVE-2026-40565 | MEDIUM | 6.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify() function in app/Misc/Helper.php converts plain-text URLs in email bodies … | Apr 21, 2026 |
| CVE-2026-40498 | UNKNOWN | — | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should … | Apr 21, 2026 |
| CVE-2026-37748 | HIGH | 7.2 | Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, … | Apr 21, 2026 |
| CVE-2025-41029 | UNKNOWN | — | SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending … | Apr 21, 2026 |
| CVE-2025-41011 | UNKNOWN | — | HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack … | Apr 21, 2026 |
| CVE-2025-15638 | CRITICAL | 10.0 | Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include … | Apr 21, 2026 |
| CVE-2017-20230 | CRITICAL | 10.0 | Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but … | Apr 21, 2026 |